From cf93fbd39ab606931de01ec45b3a508737b698c9 Mon Sep 17 00:00:00 2001 From: Kira Pilot Date: Fri, 27 Jan 2023 11:50:21 -0500 Subject: [PATCH] chore: update Audit docs to include Audit Actions (#5887) * chore: update Audit docs to include Audit Actions * regenerated audit docs * adjusted check_enterprise_imports.sh * PR feedback * changing script back for now as CI faiiling --- docs/admin/audit-logs.md | 20 +++++++++----------- enterprise/audit/table.go | 18 ++++++++++++++++++ scripts/auditdocgen/main.go | 9 ++++++++- 3 files changed, 35 insertions(+), 12 deletions(-) diff --git a/docs/admin/audit-logs.md b/docs/admin/audit-logs.md index 892c61114c..709abb4b38 100644 --- a/docs/admin/audit-logs.md +++ b/docs/admin/audit-logs.md @@ -9,17 +9,15 @@ We track the following resources: -| Resource | | -| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| AuditableGroup |
FieldTracked
avatar_urltrue
idtrue
memberstrue
nametrue
organization_idfalse
quota_allowancetrue
| -| GitSSHKey |
FieldTracked
created_atfalse
private_keytrue
public_keytrue
updated_atfalse
user_idtrue
| -| Organization |
FieldTracked
created_atfalse
descriptiontrue
idtrue
nametrue
updated_atfalse
| -| OrganizationMember |
FieldTracked
created_atfalse
organization_idtrue
rolestrue
updated_atfalse
user_idtrue
| -| Template |
FieldTracked
active_version_idtrue
allow_user_cancel_workspace_jobstrue
created_atfalse
created_bytrue
default_ttltrue
deletedfalse
descriptiontrue
display_nametrue
group_acltrue
icontrue
idtrue
is_privatetrue
min_autostart_intervaltrue
nametrue
organization_idfalse
provisionertrue
updated_atfalse
user_acltrue
| -| TemplateVersion |
FieldTracked
created_atfalse
created_bytrue
idtrue
job_idfalse
nametrue
organization_idfalse
readmetrue
template_idtrue
updated_atfalse
| -| User |
FieldTracked
avatar_urlfalse
created_atfalse
deletedtrue
emailtrue
hashed_passwordtrue
idtrue
last_seen_atfalse
login_typefalse
rbac_rolestrue
statustrue
updated_atfalse
usernametrue
| -| Workspace |
FieldTracked
autostart_scheduletrue
created_atfalse
deletedfalse
idtrue
last_used_atfalse
nametrue
organization_idfalse
owner_idtrue
template_idtrue
ttltrue
updated_atfalse
| -| WorkspaceBuild |
FieldTracked
build_numberfalse
created_atfalse
daily_costfalse
deadlinefalse
idfalse
initiator_idfalse
job_idfalse
provisioner_statefalse
reasonfalse
template_version_idtrue
transitionfalse
updated_atfalse
workspace_idfalse
| +| Resource | | +| ---------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| AuditableGroup
create, write, delete |
FieldTracked
avatar_urltrue
idtrue
memberstrue
nametrue
organization_idfalse
quota_allowancetrue
| +| GitSSHKey
create |
FieldTracked
created_atfalse
private_keytrue
public_keytrue
updated_atfalse
user_idtrue
| +| Template
write, delete |
FieldTracked
active_version_idtrue
allow_user_cancel_workspace_jobstrue
created_atfalse
created_bytrue
default_ttltrue
deletedfalse
descriptiontrue
display_nametrue
group_acltrue
icontrue
idtrue
is_privatetrue
min_autostart_intervaltrue
nametrue
organization_idfalse
provisionertrue
updated_atfalse
user_acltrue
| +| TemplateVersion
create, write |
FieldTracked
created_atfalse
created_bytrue
idtrue
job_idfalse
nametrue
organization_idfalse
readmetrue
template_idtrue
updated_atfalse
| +| User
create, write, delete |
FieldTracked
avatar_urlfalse
created_atfalse
deletedtrue
emailtrue
hashed_passwordtrue
idtrue
last_seen_atfalse
login_typefalse
rbac_rolestrue
statustrue
updated_atfalse
usernametrue
| +| Workspace
create, write, delete |
FieldTracked
autostart_scheduletrue
created_atfalse
deletedfalse
idtrue
last_used_atfalse
nametrue
organization_idfalse
owner_idtrue
template_idtrue
ttltrue
updated_atfalse
| +| WorkspaceBuild
start, stop |
FieldTracked
build_numberfalse
created_atfalse
daily_costfalse
deadlinefalse
idfalse
initiator_idfalse
job_idfalse
provisioner_statefalse
reasonfalse
template_version_idtrue
transitionfalse
updated_atfalse
workspace_idfalse
|
diff --git a/enterprise/audit/table.go b/enterprise/audit/table.go
index a609ec68e8..be58f91410 100644
--- a/enterprise/audit/table.go
+++ b/enterprise/audit/table.go
@@ -4,8 +4,26 @@ import (
 "reflect"
 "github.com/coder/coder/coderd/database"
+ "github.com/coder/coder/codersdk"
 )
+// This mapping creates a relationship between an Auditable Resource
+// and the Audit Actions we track for that resource.
+// It is important to maintain this mapping when adding a new Auditable Resource to the
+// AuditableResources map (below) as our documentation - generated in scripts/auditdocgen/main.go -
+// depends upon it.
+var AuditActionMap = map[string][]codersdk.AuditAction{
+ "GitSSHKey": {codersdk.AuditActionCreate},
+ "OrganizationMember": {},
+ "Organization": {},
+ "Template": {codersdk.AuditActionWrite, codersdk.AuditActionDelete},
+ "TemplateVersion": {codersdk.AuditActionCreate, codersdk.AuditActionWrite},
+ "User": {codersdk.AuditActionCreate, codersdk.AuditActionWrite, codersdk.AuditActionDelete},
+ "Workspace": {codersdk.AuditActionCreate, codersdk.AuditActionWrite, codersdk.AuditActionDelete},
+ "WorkspaceBuild": {codersdk.AuditActionStart, codersdk.AuditActionStop},
+ "AuditableGroup": {codersdk.AuditActionCreate, codersdk.AuditActionWrite, codersdk.AuditActionDelete},
+}
+
 type Action string
 const (
diff --git a/scripts/auditdocgen/main.go b/scripts/auditdocgen/main.go
index 4a304ad664..67bd81b77e 100644
--- a/scripts/auditdocgen/main.go
+++ b/scripts/auditdocgen/main.go
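Review bot: In enterprise/audit/table.go, `AuditActionMap` is kept in step with `AuditableResources` only by the comment's request, and its keys are bare strings, so a resource added to one map and not the other changes the published audit coverage without any build or test failure. The entries `"OrganizationMember": {}` and `"Organization": {}` are empty, and the regenerated table in docs/admin/audit-logs.md in this same commit no longer lists either resource, which leaves a reader unable to tell whether they are audited; a short comment on those two entries stating the intent would settle it. A unit test that compares the key sets of the two maps would turn the maintenance rule into a check. The doc comment would also follow Go convention if it opened with the identifier, e.g. `// AuditActionMap maps each auditable resource name to the audit actions recorded for it.`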
@@ -117,7 +117,14 @@ func updateAuditDoc(doc []byte, auditableResourcesMap AuditableResourcesMap) ([]
 buffer.WriteString("|--|-----------------|\n")
 for _, resourceName := range sortedResourceNames {
- buffer.WriteString("|" + resourceName + "|")
+ // Create a string of audit actions for each resource
+ var auditActions []string
+ for _, action := range audit.AuditActionMap[resourceName] {
+ auditActions = append(auditActions, string(action))
+ }
+ auditActionsString := strings.Join(auditActions, ", ")
+
+ buffer.WriteString("|" + resourceName + "
" + auditActionsString + "|
FieldTracked
") // We must sort the field names to ensure sub-table ordering sortedFieldNames := sortKeys(auditableResourcesMap[resourceName])
FieldTracked
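Review bot: The lookup `audit.AuditActionMap[resourceName]` in the new loop yields a nil slice when a resource has no entry, so the generator would emit that resource with an empty action list instead of failing, and the audit documentation would silently understate what is recorded. Prefer the comma-ok form, `actions, ok := audit.AuditActionMap[resourceName]`, and stop generation with an error naming the resource when `ok` is false; the return type is cut off in the hunk header, so confirm that updateAuditDoc can return an error. `auditActions` can then be pre-sized with `make([]string, 0, len(actions))`. updateAuditDoc's body starts and ends outside the hunk.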